Some Considerations for Istio

Before Deploying Istio

Considerations for Redhat 8

Before deploying Istio on Redhat 8, you need to load some additional modules:

modprobe br_netfilter
modprobe nf_nat
modprobe xt_REDIRECT
modprobe xt_owner
modprobe iptable_nat
modprobe iptable_mangle
modprobe iptable_filter

Write to the configuration file:

cat > /etc/modules-load.d/istio.conf <<EOF
br_netfilter
nf_nat
xt_REDIRECT
xt_owner
iptable_nat
iptable_mangle
iptable_filter
EOF

After Enabling Istio

Regarding MongoDB

Ensure to add the following connection parameters in the microservice environment variables:

ENV_MONGODB_OPTIONS: "?maxIdleTimeMS=600000&maxLifeTimeMS=1800000"

Regarding Forward Proxy

If a forward proxy is enabled within the microservice, accessing https addresses from inside the container will return a 404. You need to create the following service in the Kubernetes cluster:

kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1beta1
kind: ServiceEntry
metadata:
  name: proxy
spec:
  hosts:
  - my-company-proxy.com
  addresses:
  - 10.88.0.0/16
  ports:
  - number: 1080
    name: tcp
    protocol: TCP
  location: MESH_EXTERNAL
EOF

Modify the value of addresses according to the actual IP segment where your forward proxy is located.
Modify the value of number according to the actual port of your forward proxy.

Before Deploying Istio​

Considerations for Redhat 8​

After Enabling Istio​

Regarding MongoDB​

Regarding Forward Proxy​

Before Deploying Istio

Considerations for Redhat 8

After Enabling Istio

Regarding MongoDB

Regarding Forward Proxy